A person’s online footprint is the aggregation of the data generated by online activities. In this blog, we look at some very simple ways to help control your online footprint and resist opportunist hackers, without going into advanced techniques that would usually be preserved for the intelligence services or professionally paranoid.

Why would I want to control my online footprint?

Individuals and organisations are capable of building an understanding of someone, based on their online activity. Actors may do this for several reasons, usually the goals are relatively benign, such as the provision of targeted advertising. However, ‘cyber criminals’ are increasingly looking to harvest personal details to be either sold wholesale or used to breach accounts. Being aware of one’s personal footprint is more important than ever to reduce the risk of identify theft and other unpleasant practices.

Top tips

As mentioned above, our online presence can be used against us – whether to find out personal information, or to probe for weaknesses for further malicious activity to exploit. There are various simple measures you can put in place to reduce this activity.

· Separation of work and private life. If an account is a personal account, do not link it with your business accounts, and vice versa. This is especially true for someone in a reasonably high profile role. Using a different name for your personal accounts can make it even harder for someone to connect your work life to your personal life.

· Where contact information is in the public domain, try to ensure that it is only business contact details. The first ports of call for someone investigating you will be companies house, reverse email and phone number lookup tools, and people finding services. Third party tools and services work by trawling accounts and social media sites for contact details which match you; by simply ensuring that only business details are uploaded, you will ensure a buffer between your personal and business activities. If involved in running a limited company, then government services such as companies house will provide information freely to anybody searching your business. As such, it is also wise to use a correspondence address and contact details different to your personal details when registering your company.

· Multi-factor authentication. This may be teaching you to suck eggs, but there is a reason why it is constantly pushed as a safety measure. If someone has found your email address online, and correctly guessed your password, then this added layer of security is what prevents access to anyone except you.

· Clean as you go – when there ceases to be a purpose for the presence of information online, it is defunct. Make an effort to remove irrelevant personal or business information. If you want to remove information from your own website, consider using a robots exclusion protocol – known as robots.exe – which can prevent crawler traffic from accessing archived versions of web pages.

· Stranger Danger! Don’t accept requests from complete strangers or suspicious looking accounts if they will be able to view personal information once friends with you.

· Use a Virtual Private Network (VPN). VPNs act as a proxy, spoofing your IP address, therefore in essence giving you a false identity. When web traffic is scanned, your IP address will not appear as having spent time investigating your target. Be careful not to fall foul of jurisdictional issues when pretending to be located in another country.

· Three Random Words. The NCSC advises individuals to base passwords on three random words, the logic here being the bigger the password (in terms of the amount of characters) the harder it is for an malicious actor to break.

Never reuse your passwords!

General Practice

Cyber hygiene encompasses more than just the points above. There are a few technical things you can do, but the general safety and privacy can be ensured by updating your settings and applying an element of common sense. For example, do ensure that none of your social media accounts are open to viewing by non-friends – unless, of course, you actively want it to be visible to anyone. On this point, a golden rule should always be to put yourself in the shoes of somebody searching you – what they see should be what you want them to see. This way, you are in control. Importantly, you also control the narrative of your own online footprint.